|
Products
Repscan 2008
PLSQL-Scanner
Hedgehog Enterprise
Checkpwd (free)
Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Videos
Scripts
News & Events
Events
News
Company
Blog
Contact
People
Partner
Impressum
Sitemap
Search
|
Buffer Overflow in DBMS_REPCAT_INSTANTIATE in Oracle 9i
| Name |
Buffer Overflow Oracle DBMS_REPCAT_INSTANTIATE in Oracle 9i (up to 9.2.0.4) |
| Systems Affected |
Oracle 9i |
| Severity |
High Risk |
| Category |
Buffer Overflow |
| Vendor URL |
http://www.oracle.com/ |
| Credit |
Esteban Martinez Fayo (<argeniss>dot<com>) |
| Exploit |
http://www.appsecinc.com |
| Date |
01 May 2005 (V 1.00) |
Details
Buffer Overflow in DBMS_REPCAT_INSTANTIATE. This package has EXECUTE permission granted to PUBLIC. Every database user can exploit this vulnerability and crash the database or execute arbitrary code. This vulnerability can be exploited via SQL Injection
Workarounds
REVOKE EXECUTE ON SYS.DBMS_REPCAT_INSTANTTIATE FROM PUBLIC FORCE;
Example
DECLARE
mynum NUMBER;
BEGIN
mynum := DBMS_REPCAT_INSTANTIATE.INSTANTIATE_OFFLINE('longstring','');
END;
or
SELECT DBMS_REPCAT_INSTANTIATE.INSTANTIATE_ONLINE ('longstring','') FROM Dual
Patch Information
Revoke the grant or apply the latest Oracle Security patches (e.g. CPU April 2004).
© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
|
Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.
|
